Vulnerabilities (CVE)

Filtered by vendor Upspowercom Subscribe
Filtered by product Upsmon Pro
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-38122 1 Upspowercom 1 Upsmon Pro 2024-11-21 N/A 7.5 HIGH
UPSMON PRO transmits sensitive data in cleartext over HTTP protocol. An unauthenticated remote attacker can exploit this vulnerability to access sensitive data.
CVE-2022-38121 1 Upspowercom 1 Upsmon Pro 2024-11-21 N/A 6.5 MEDIUM
UPSMON PRO configuration file stores user password in plaintext under public user directory. A remote attacker with general user privilege can access all users‘ and administrators' account names and passwords via this unprotected configuration file.
CVE-2022-38120 1 Upspowercom 1 Upsmon Pro 2024-11-21 N/A 6.5 MEDIUM
UPSMON PRO’s has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to bypass authentication and access arbitrary system files.
CVE-2022-38119 1 Upspowercom 1 Upsmon Pro 2024-11-21 N/A 9.8 CRITICAL
UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and get administrator privilege to access, control system or disrupt service.